[openstack-dev] [Security] [Bandit] Using multiprocessing/threading to speed up analysis

Ian Cordasco ian.cordasco at RACKSPACE.COM
Mon Jun 8 15:26:22 UTC 2015


Hey everyone,

I drew up a blueprint
(https://blueprints.launchpad.net/bandit/+spec/use-threading-when-running-checks)
to add the ability to use multiprocessing (or threading) to Bandit.
This essentially means that each "thread" will be fed a file and analyze
it and return the results. (A file will only ever be analyzed by one
thread.)

This has led to significant speed improvements in Flake8 when running
against a project like Nova and I think the same improvements could be
made to Bandit.

I'd love some feedback on the following points:

1. Should this be on by default?

   Technically, this is backwards incompatible (unless we decide to order
the output before printing results) but since we're still in the 0.x
release series of Bandit, SemVer allows backwards incompatible releases. I
don't know if we want to take advantage of that or not though.

2. Is output ordering significant/important to people?

3. If this is off by default, should the flag accept a special value,
e.g., 'auto', to tell Bandit to always use the number of CPUs present on
the machine?

Cheers,
Ian
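The following sketch is an added illustration of the design described in the mail (one worker per file, results gathered as workers finish, then optionally re-ordered, and an 'auto' setting for the worker count). It is not Bandit's code or Ian's patch; the single check it runs (flagging eval()/exec() calls), the function names, and the sample files are all constructed here. It uses a thread pool for the demo; a process pool is the drop-in swap for CPU-bound analysis.

```python
import os
import re
import tempfile
from concurrent.futures import ThreadPoolExecutor, as_completed

# Hypothetical single check for the demo: flag calls to eval()/exec().
# This is a constructed stand-in, not Bandit's plugin API.
_RISKY_CALL = re.compile(r"\b(eval|exec)\s*\(")


def analyze_file(path):
    """Analyze exactly one file and return its findings as (path, lineno, message).

    Each file is handed to a single worker, so there is no shared state between workers.
    """
    findings = []
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            match = _RISKY_CALL.search(line)
            if match:
                findings.append((path, lineno, "use of %s() detected" % match.group(1)))
    return findings


def resolve_jobs(jobs):
    """Map the proposed flag value to a worker count: 'auto' -> CPU count, else a positive int."""
    if jobs == "auto":
        return os.cpu_count() or 1
    count = int(jobs)
    if count < 1:
        raise ValueError("jobs must be >= 1 or 'auto'")
    return count


def analyze_files(paths, jobs="auto", ordered=True):
    """Fan files out to workers and collect findings.

    Results arrive in completion order, which is what makes parallel output
    non-deterministic; ordered=True sorts by (path, line) so the report is
    stable run to run, regardless of which worker finished first.
    """
    results = []
    with ThreadPoolExecutor(max_workers=resolve_jobs(jobs)) as pool:
        futures = [pool.submit(analyze_file, p) for p in paths]
        for fut in as_completed(futures):  # completion order, not submission order
            results.extend(fut.result())
    if ordered:
        results.sort(key=lambda r: (r[0], r[1]))
    return results


def _write_sample_tree(root):
    """Constructed sample inputs: a.py and c.py contain risky calls, b.py does not."""
    samples = {
        "a.py": "x = eval(user_input)\nprint(x)\n",
        "b.py": "import json\ndata = json.loads(payload)\n",
        "c.py": "code = compile(src, '<s>', 'exec')\nexec(code)\n",
    }
    paths = []
    for name, text in sorted(samples.items()):
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        paths.append(path)
    return paths


def demo(jobs="auto", ordered=True):
    """Run the parallel analysis over the constructed tree; returns basename-relative findings."""
    with tempfile.TemporaryDirectory() as root:
        paths = _write_sample_tree(root)
        findings = analyze_files(paths, jobs=jobs, ordered=ordered)
        return [(os.path.basename(p), ln, msg) for p, ln, msg in findings]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

With ordered=False the list above is whatever order the workers happened to finish in, which is the backwards-incompatibility the mail raises; sorting after collection keeps the speedup while restoring the single-threaded output order.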



More information about the OpenStack-dev mailing list